WGU D487 EXAM QUESTIONS & ANSWERS
A1 - Security Assessment - Answers: The first phase of the SDL. This is the phase in which the project team identifies the project risk profile and the SDL activities that are needed; in some SDLs it is called the discovery phase.
A2 - Architecture - Answers: At this stage of the SDL, security is looked at more in terms of business risks, with inputs from the software security group and discussions with key stakeholders in the SDLC.
A3 - Design and Development - Answers: In this phase the end user of your software is foremost in your mind. During this phase, you will do an analysis of policy compliance, create the test plan documentation, update your threat models if necessary, conduct a design security analysis, and do a privacy implementation assessment so you can make informed decisions about how to deploy your software securely and establish development best practices to detect and remove security and privacy issues early in the development lifecycle.
A4 - Design and Development - Answers: This phase can be mapped to the "readiness" phase in a typical software development life cycle (SDLC). In this phase we continue the policy compliance analysis.
A5 - Ship - Answers: In the final policy compliance review, the SDL policy will be reviewed to ensure that the policy provides specific requirements based on different development criteria, such as product type, code type, and platform. A vulnerability scan will look for any remaining vulnerabilities in your software and associated systems and report potential exposure.
Scrum Master - Answers: A person who ensures that the team is productive, facilitates the daily Scrum, enables close cooperation across all roles and functions, and removes barriers that prevent the team from being effective.
Product Owner - Answers: Key stakeholder. Represents the users you're building the solution for. Often someone from the product management or marketing department.
Scrum Team - Answers: A small group of up to 9 cross-functional developers that is responsible for developing, testing, and delivering software at the end of a Scrum sprint. The team determines a sprint's major goals and deliverables.
Scrum Ceremonies - Answers:
Sprint Planning - Product owner's top ideas
Sprint Review - Shows what was accomplished during the sprint
Sprint Retrospective - How well is Scrum working
Daily Scrum - Helps the team stay on track
Scrum Artifacts - Answers:
Product Backlog - List of desired features for a product
Sprint Backlog - List of tasks to be completed
Burndown Chart - Updated after every sprint
Sprint - Answers: A fixed-length time period in which a specific set of work is completed. It is a time-boxed iteration, typically lasting between one and four weeks, with two weeks being the most common duration.
DREAD - Answers:
D - Damage Potential - How catastrophic is the event?
R - Reproducibility - How easy is it to reproduce the attack?
E - Exploitability - How easy is it to launch the attack?
A - Affected Users - What percentage of users are affected?
D - Discoverability - How easy is it to find the vulnerability?
STRIDE-Per-Element - Answers: Concentrates on each element of a diagram. Based on threats common to each type of element.
STRIDE-Per-Interaction - Answers: Concentrates on the interactions of a system. Leads to threats that are easier to understand.
OCTAVE - Answers: Operationally Critical Threat, Asset, and Vulnerability Evaluation
*Risk analysis framework
*Evaluates organizations
PASTA - Answers: Process for Attack Simulation and Threat Analysis
*Targeted towards medium to large sized companies
*Mature companies
*Having security knowledge
*Iterative
*Outcome is geared towards management
STRIDE Model - Answers:
S - Spoofing - How do we ensure a user's authenticity?
T - Tampering - How do we check the integrity of our data?
R - Repudiation - How do we audit actions in our systems?
I - Information Disclosure - How do we keep data confidential?